Windows Server 2012 PPTP VPN

Many vendors offer customers the ability to build they very own PPTP VPN. You probably shouldn’t since they are no longer consider to be secure, but there’s no law that says you can’t. Microsoft Windows Server 2012 and earlier version are no different. With only a little effort, you can use Windows Server 2012 to make your very own PPTP VPN server.

Many of the steps here are identical to those you would perform if you were building a secure SSTP VPN on Windows Server 2012 and you chose not to use Anywhere Access to do it. The Anywhere Access wizard makes building a secure SSTP VPN almost effortless. The old fashioned way is a little more difficult, but not much. The SSTP VPN adds additional work, compared to PPTP, in the area of Active Directory Certificate Services (AD CS).

Select the users who will access the VPN and call up their user profiles. Modify each in this way.

____________________

Install the Routing and Remote Access Role

Install the Routing and Remote Access role. About half of the PPTP examples you will see on the Internet include Routing while the other half don’t. I’ve successfully installed a PPTP VPN using both choices, so you decide what you want to install. DirectAccess and VPN (RAS) is required.

____________________

Configure Routing And Remote Access Services

Right click the selection next to the red mark. Select Configure and Enable Routing and Remote Access. The wizard will nag you about including DirectAccess. Just select VPN only. DirectAccess is an always on SSTP VPN. The client must be in a domain and running Windows 7 Enterprise or Ultimate or the equivalent Windows 8 version. DirectAccess is more complicated to install than a typical SSTP VPN or a secure WebDav Server.

###

Click Next.

###

Select Custom Configuration.

###

Select VPN Access

###

Done.

###

Start the Service.

###

Right click the server name and select Properties.

###

Select the IPv4 tab. Select static pool. Click Add.

###

Type in a range on your local network for IP addresses. The VPN server will give the client PC a local IP address within this range. Make it relatively wide so it won’t conflict with one already in use on your local network. Or, better yet, sign on to your router and reserve a range if your router has this feature. Enter that range here.